
tuf: add debug info if tuf update fails #1766

Merged
merged 2 commits into from Apr 17, 2022


@asraa asraa commented Apr 15, 2022

Signed-off-by: Asra Ali asraa@google.com

Summary

  • Adds debug info (the state of the remote repository) if a TUF update fails.

Ticket Link

Related sigstore/root-signing#166

Release Note


Example output (I manually edited one file so sigs would fail):

$ rm -r $HOME/.sigstore && ./cosign initialize --mirror http://localhost:8001
Error: updating local metadata and targets: error updating to TUF remote mirror: tuf: failed to decode timestamp.json: tuf: signature verification failed
remote status:{
	"mirror": "http://localhost:8001",
	"metadata": {
		"root.json": {
			"version": 2,
			"len": 5297,
			"expiration": "11 May 22 19:09 UTC"
		},
		"snapshot.json": {
			"version": 24,
			"len": 1659,
			"expiration": "29 Apr 22 00:54 UTC"
		},
		"targets.json": {
			"version": 2,
			"len": 4167,
			"expiration": "11 May 22 19:10 UTC"
		},
		"timestamp.json": {
			"version": 24,
			"len": 720,
			"expiration": "29 Apr 22 00:54 UTC"
		}
	}
}

Signed-off-by: Asra Ali <asraa@google.com>

codecov-commenter commented Apr 15, 2022

Codecov Report

Merging #1766 (e777d62) into main (1bd6871) will increase coverage by 0.13%.
The diff coverage is 55.20%.

@@            Coverage Diff             @@
##             main    #1766      +/-   ##
==========================================
+ Coverage   31.26%   31.39%   +0.13%     
==========================================
  Files         144      144              
  Lines        8830     8879      +49     
==========================================
+ Hits         2761     2788      +27     
- Misses       5741     5755      +14     
- Partials      328      336       +8     
Impacted Files Coverage Δ
pkg/cosign/tuf/client.go 62.50% <55.20%> (-1.14%) ⬇️


pkg/cosign/tuf/client.go
@@ -360,6 +383,12 @@ func embeddedLocalStore() (client.LocalStore, error) {
return local, nil
}

type signedMeta struct {
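
Review bot: `signedMeta`, declared at the end of this hunk right after `embeddedLocalStore()`, has no doc comment. Please add a one-line comment saying that the type exists only to build the debug output printed when a TUF update fails, and stating whether the values it holds are read before signature verification, so nobody later reuses it on a path that makes trust decisions.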
Contributor


Is there a struct defined in go-tuf we can use? For timestamp, can we use https://github.com/theupdateframework/go-tuf/blob/5b81b7e5604bfae2f0dcecd041e2e44f0128c992/data/types.go#L310?

Contributor Author


It's a private struct, not exported in go-tuf. I don't really want to condition on metadata type though, and all metadata defines these three.
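
The review thread above turns on reading the same few fields from any role file. As an added example (not cosign's or go-tuf's code), this Go program reads the fields the TUF specification gives every role's `signed` section (`_type`, `expires`, `version`) and builds one entry of the `metadata` map shown in the PR description. The names `signedCommon`, `MetaStatus` and `Summarize`, the extra `Expired` flag, and the sample metadata are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// signedCommon holds the fields the TUF spec puts in "signed" for every role
// (hypothetical name, not cosign's struct).
type signedCommon struct {
	Type    string    `json:"_type"`
	Expires time.Time `json:"expires"`
	Version int       `json:"version"`
}

// MetaStatus mirrors one entry of the "metadata" map in the output above.
type MetaStatus struct {
	Version    int    `json:"version"`
	Len        int    `json:"len"`
	Expiration string `json:"expiration"`
	Expired    bool   `json:"expired"` // extra field, not in the PR's output
}

// Summarize reads the common fields from raw role metadata WITHOUT verifying
// signatures, so the result is diagnostic only and must never drive trust.
func Summarize(raw []byte, now time.Time) (MetaStatus, error) {
	var env struct{ Signed *signedCommon `json:"signed"` }
	if err := json.Unmarshal(raw, &env); err != nil {
		return MetaStatus{}, fmt.Errorf("decoding metadata: %w", err)
	}
	if env.Signed == nil || env.Signed.Type == "" {
		return MetaStatus{}, fmt.Errorf("not TUF metadata: missing signed._type")
	}
	return MetaStatus{
		Version:    env.Signed.Version,
		Len:        len(raw),
		Expiration: env.Signed.Expires.UTC().Format(time.RFC822),
		Expired:    !now.Before(env.Signed.Expires),
	}, nil
}

// sampleTimestamp is constructed for this example (the signature is a dummy).
const sampleTimestamp = `{"signatures":[{"keyid":"00","sig":"00"}],"signed":{"_type":"timestamp","expires":"2022-04-29T00:54:00Z","spec_version":"1.0","version":24,"meta":{}}}`

func main() {
	st, err := Summarize([]byte(sampleTimestamp), time.Now())
	fmt.Printf("timestamp.json: %+v err=%v\n", st, err)
}
```

Because the summary is taken from unverified bytes, it helps explain why an update failed (stale version, expired file, unexpected length) but says nothing about whether the mirror's metadata is authentic.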

Signed-off-by: Asra Ali <asraa@google.com>
@dlorenc dlorenc merged commit f2c360e into sigstore:main Apr 17, 2022
@github-actions github-actions bot added this to the v1.8.0 milestone Apr 17, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
* add debug info for tuf update fail

Signed-off-by: Asra Ali <asraa@google.com>

* move debugging funcs to top

Signed-off-by: Asra Ali <asraa@google.com>